Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

2024-02-13 07:03

Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code.

News URL

https://thehackernews.com/2024/02/ivanti-vulnerability-exploited-to.html

#backdoor #infrastructure #ivanti #vulnerability #CVE-2024-21893

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2024-21893	Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. network low complexity ivanti CWE-918	8.2

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ivanti		23	9	60	74	51	194

News URL

Related news

Related Vulnerability

Related vendor